Abstract

We introduce fixpoint definitions, a rule-based reformulation of fixpoint constructs. The logic FO(FD), an extension of classical logic with fixpoint definitions, is defined. We illustrate the relation between FO(FD) and FO(ID), which is developed as an integration of two knowledge representation paradigms. The satisfiability problem for FO(FD) is investigated by first reducing FO(FD) to difference logic and then using solvers for difference logic. These reductions are evaluated in the computation of models for FO(FD) theories representing fairness conditions and we provide potential applications of FO(FD).

1 Introduction

Two mainstream knowledge representation paradigms of the moment are, on the one hand, classical logic-based approaches such as description logics (Baader et al. 2003), and on the other hand, rule-based approaches from logic programming and extensions such as Answer Set Programming and Abductive Logic Programming (Baral 2003; Kakas et al. 1992). The latter disciplines are rooted in the discipline of Non-Monotonic Reasoning (McCarthy 1986). FO(ID) (Denecker and Ternovska 2008) integrates both paradigms in a tight, conceptually clean manner. The key to integrating "rules" into classical logic (FO) is the observation that natural language, or more precisely, the informal language of mathematicians, has an informal rule-based construct: the construct of inductive/recursive definitions (IDs). FO(ID) extends FO not only with an inductive definition construct but also with an expressive and precise non-monotonic reasoning principle. It is an extension of FO with inductive definitions and an integration of FO and LP. It integrates monotonic and non-monotonic logics. The inductive definition construct of FO(ID) formally generalizes Datalog (Abiteboul et al. 1995). FO(ID) is also strongly related to fixpoint logics. Monotone definitions in FO(ID) are a different rule-based syntactic sugar of the fixpoint formulas of Least Fixpoint Logic (LFP) (Park 1969). Last but not least, FO(ID), being a clear, well-founded integration of rules into classical logic, might play a unifying role in the current attempts of extending FO-based description logics with rules (Vennekens and Denecker 2009). It thus appears that FO(ID) occupies quite a central position in the spectrum of computational and knowledge representation logics.

The work in this paper is inspired by work on FO(ID) to integrate LP-style rules into fixpoint constructs. The resulting constructs are called fixpoint definitions (FDs). Fixpoint definitions use the rule-based format which will enable us to more easily link fixpoint constructs with the rule-based knowledge representation paradigm and the FO(ID) formalism. We define the logic FO(FD), which is an extension of classical logic with fixpoint definitions. In FO(FD), almost all kinds of inductions can be expressed in a natural way. The study of FO(FD) contributes to the understanding of rule-based systems and thus, to the study of the relation between non-monotonic inductive definitions and fixpoint definitions, to the study of the correspondence between well-founded and fixpoint semantics and to the integration of classical logic-based and rule-based approaches for knowledge representation.

We investigate the connection between FO(FD) and FO(ID) by presenting equivalence preserving transformations from FO(ID) to FO(FD). It turns out that all kinds of inductive definitions in FO(ID) can be expressed in FO(FD). Meanwhile, due to the allowance of the nesting of least and greatest fixpoint constructs in FO(FD), the nesting of induction and coinduction can be represented in FO(FD). Thus, some concepts, e.g., infinite structures and the nesting of recursion and corecursion (Barwise and Moss 1996), which cannot be defined in FO(ID) in a well-founded way, can be handled naturally in FO(FD). We show that in general, FO(FD) is strictly more expressive than FO(ID).

On the computational level, the satisfiability problem for FO(FD), deciding the satisfiability of FO(FD) theories, is a major research topic. One research direction is towards developing solvers for extensions of propositional logic, e.g., SMT. Difference logic (Nieuwenhuis and Oliveras 2005) can be seen as an instance of an SMT framework where propositional logic is extended with simple linear constraints. Efficient implementation techniques for difference logic are emerging in the SMT domain (Nieuwenhuis and Oliveras 2005; Cotton and Maler 2006), which makes it a good choice as base technology. In this paper, we develop translations from FO(FD) to difference logic, based on similar reductions of logic programs presented in (Janhunen et al. 2009; Niemela 2008). The translations reduce the satisfiability check of FO(FD) theories to finding satisfying interpretations of difference logic theories. This provides a novel approach to model expansion for FO(FD). We also present experimental results.

The paper is organized as follows. In Section 2 we introduce fixpoint definitions and the logic FO(FD). FO(ID) and the relationship between FO(FD) and FO(ID) are presented in Section 3. We investigate the satisfiability problem for FO(FD) by providing the reductions from FO(FD) to difference logic in Section 4. The reductions are evaluated experimentally in Section 5. In Section 6 we present some potential applications of FO(FD) and a conclusion follows in Section 7.



2 FO(FD): A logic of fixpoint definitions 

In this section, we extend first-order logic (FO) with an alternative rule-based fixpoint construct: the construct of fixpoint definitions (FDs), to formalize a new logic FO(FD), which can be viewed as an extension of first-order logic with mixed induction and coinduction.



2.1 Syntax

We assume familiarity with classical logic. A vocabulary $\Sigma$ consists of a set of predicate and function symbols. Terms and FO formulae are defined as usual, and are built inductively from variables, constant and function symbols, logical connectives ($\neg$, $\land$, $\lor$) and quantifiers ($\forall$, $\exists$). Note that predicate symbols occurring in a fixpoint definition are viewed as predicate constants but not predicate variables.

A rule over a vocabulary $\Sigma$ is an expression of the form $\forall \bar{x}\,(P(\bar{x}) \leftarrow \varphi[\bar{x}])$, where $P$ is a predicate symbol of $\Sigma$ and $\varphi[\bar{x}]$ is an arbitrary first-order formula over $\Sigma$. The atomic formula $P(\bar{x})$ is known as the head of the rule and $\varphi[\bar{x}]$ is known as the body of the rule. The defined predicate of the rule is $P$. The connective $\leftarrow$ is called definitional implication and is to be distinguished from material implication $\supset$, an abbreviation for $\neg body \lor head$. We say that a predicate symbol occurs positively (negatively) in a formula if it occurs in the scope of an even (odd) number of negations. A rule is positive in a set of predicate symbols if these symbols occur only positively in $\varphi$.

For a set $\mathcal{R}$ of rules, we denote by $def(\mathcal{R})$ the set of defined predicates of its rules, and by $open(\mathcal{R})$ the set of all other symbols occurring in $\mathcal{R}$.

Without loss of generality, we assume from now on that rule sets contain, for each of their defined predicates, exactly one rule of the form $\forall \bar{x}\,(P(\bar{x}) \leftarrow \varphi_P[\bar{x}])$. Indeed, any set of rules $\{\forall \bar{x}\,(P(\bar{x}) \leftarrow \varphi_1[\bar{x}]), \ldots, \forall \bar{x}\,(P(\bar{x}) \leftarrow \varphi_n[\bar{x}])\}$ can be transformed into a single rule $\forall \bar{x}\,(P(\bar{x}) \leftarrow \varphi_1[\bar{x}] \lor \ldots \lor \varphi_n[\bar{x}])$.

Definition 2.1

We define a least fixpoint definition (LFD), respectively greatest fixpoint definition (GFD), over vocabulary $\Sigma$ by simultaneous induction, as a finite expression $\mathcal{D}$ of the form

$\lfloor \mathcal{R}, \Delta_1, \ldots, \Delta_m, \nabla_1, \ldots, \nabla_n \rfloor$, respectively $\lceil \mathcal{R}, \Delta_1, \ldots, \Delta_m, \nabla_1, \ldots, \nabla_n \rceil$

with $0 \leq n, m$ such that:

1. $\mathcal{R}$ is a set of rules over $\Sigma$.

2. Each $\Delta_i$ is a least fixpoint definition and each $\nabla_j$ is a greatest fixpoint definition.

To express the remaining conditions, we need some auxiliary concepts and notations. For such an expression $\mathcal{D}$, we say that a rule $r$ is locally defined in $\mathcal{D}$ if $r \in \mathcal{R}$, and that a predicate $P$ is locally defined in $\mathcal{D}$ if $P \in def(\mathcal{R})$, and that $P$ is defined in $\mathcal{D}$ if $P$ is locally defined in $\mathcal{D}$ or defined in any of its subdefinitions $\Delta_1, \ldots, \nabla_n$. The set of defined predicates of $\mathcal{D}$ is denoted $def(\mathcal{D})$. A symbol is open in $\mathcal{D}$ if it occurs in $\mathcal{D}$ and is not defined in it. The set of open symbols of $\mathcal{D}$ is denoted $open(\mathcal{D})$.

3. Every defined symbol of $\mathcal{D}$ has only positive occurrences in the bodies of rules in $\mathcal{D}$.



4 P. Hou, B. de Cat and M. Denecker 

4. Each symbol $P \in def(\mathcal{D})$ has exactly one local definition in $\mathcal{D}$. Formally, $\{def(\mathcal{R}), def(\Delta_1), \ldots, def(\nabla_n)\}$ is a partition of $def(\mathcal{D})$.

5. For every subdefinition $\mathcal{D}'$ of $\mathcal{D}$, $open(\mathcal{D}') \subseteq open(\mathcal{D}) \cup def(\mathcal{R})$. In particular, a symbol defined in another subdefinition $\mathcal{D}'' \neq \mathcal{D}'$ does not occur in $\mathcal{D}'$.

A fixpoint definition is either a least fixpoint definition or a greatest fixpoint definition. We allow arbitrary nesting of least and greatest fixpoint definitions.

An FO(FD) formula is either an FO formula or a fixpoint definition. An FO(FD) 
theory is a set of fixpoint definitions and FO sentences. 

Example 2.2

Assume a binary predicate $T$ denoting a transition graph on a set of vertices, representing the states. Assume a property on states $R$, i.e., a unary predicate on vertices. The set of states $P$ that have an (infinite) path passing an infinite number of times through a state satisfying $R$, is defined by:

$\forall x\,(P(x) \leftarrow Q(x))$

$\forall x\,(Q(x) \leftarrow R(x) \land \exists y\,(T(x, y) \land P(y)))$

$\forall x\,(Q(x) \leftarrow \exists y\,(T(x, y) \land Q(y)))$

2.2 Semantics 

The semantics of FO(FD) is an integration of standard FO semantics with fixpoint 
semantics of definitions. We start by defining the fixpoint semantics. 

Given two disjoint first-order vocabularies $\Sigma$ and $\Sigma'$, a $\Sigma$-interpretation $I$ and a $\Sigma'$-interpretation $I'$, the $\Sigma \cup \Sigma'$-interpretation mapping each element $e$ of $\Sigma$ to $e^{I}$ and each $e \in \Sigma'$ to $e^{I'}$ is denoted by $I + I'$. When $\Sigma' \subseteq \Sigma$, we denote the restriction of a $\Sigma$-interpretation $I$ to the symbols of $\Sigma'$ by $I|_{\Sigma'}$. For a $\Sigma$-interpretation $I$ and a tuple of domain elements $\bar{d}$, we denote by $I[\bar{x}/\bar{d}]$ the interpretation that has the same domain as $I$, interprets $\bar{x} = (x_1, \ldots, x_n)$ by $\bar{d} = (d_1, \ldots, d_n)$, and coincides with $I$ on all other symbols.

With a set $\mathcal{R}$ of rules over $\Sigma$ and a (partial) two-valued $\Sigma$-interpretation $I$ interpreting at least all open symbols and no defined symbols, i.e., $\Sigma \cap def(\mathcal{R}) = \emptyset$ and $open(\mathcal{R}) \subseteq \Sigma$, there is a standard way of associating an operator $\Gamma^{\mathcal{R}}_{I}$ on the set of $def(\mathcal{R})$-interpretations with the domain of $I$. For two such interpretations $J, K$, we define $\Gamma^{\mathcal{R}}_{I}(J) = K$ if for every $\forall \bar{x}\,(P(\bar{x}) \leftarrow \varphi_P[\bar{x}]) \in \mathcal{R}$, $P^{K} = \{\bar{d} \mid (I + J)[\bar{x}/\bar{d}] \models \varphi_P[\bar{x}]\}$.

If each defined symbol in $def(\mathcal{R})$ has only positive occurrences in the body of a rule in $\mathcal{R}$, the operator $\Gamma^{\mathcal{R}}_{I}$ is monotone with respect to the standard truth order on interpretations and hence, it has least and greatest fixpoints in this set, denoted $lfp(\Gamma^{\mathcal{R}}_{I})$, respectively $gfp(\Gamma^{\mathcal{R}}_{I})$. Importantly, if $P^{I} \leq P^{I'}$ for every symbol $P \in open(\mathcal{R})$ with only positive occurrences in rule bodies of $\mathcal{R}$, then $lfp(\Gamma^{\mathcal{R}}_{I}) \leq lfp(\Gamma^{\mathcal{R}}_{I'})$ and $gfp(\Gamma^{\mathcal{R}}_{I}) \leq gfp(\Gamma^{\mathcal{R}}_{I'})$.

Given an expression $\mathcal{D}$, which might be an LFD or a GFD, and an $open(\mathcal{D})$-interpretation $I$ interpreting at least all open symbols of $\mathcal{D}$ and no defined ones, we define an operator $\Gamma^{\mathcal{D}}_{I}$ on the set of $def(\mathcal{D})$-interpretations with domain $dom(I)$. This operator is monotone with respect to the standard truth order on interpretations and hence, it has least and greatest fixpoints in this set. We define $\Gamma^{\mathcal{D}}_{I}(J)$ inductively as the interpretation $K + K'$ where

• $K$ is the $(def(\mathcal{D}) \setminus def(\mathcal{R}))$-interpretation such that, for $J' = I + J|_{def(\mathcal{R})}$:
  – $K|_{def(\Delta_i)} = lfp(\Gamma^{\Delta_i}_{J'})$ for all $i = 1, \ldots, m$.
  – $K|_{def(\nabla_j)} = gfp(\Gamma^{\nabla_j}_{J'})$ for all $j = 1, \ldots, n$.

  Observe that $J'$ interprets all open symbols in every subdefinition of $\mathcal{D}$.
• $K'$ is the $def(\mathcal{R})$-interpretation $\Gamma^{\mathcal{R}}_{I+K}(J|_{def(\mathcal{R})})$.

Definition 2.3 (Model of $\mathcal{D}$)

Let $\mathcal{D}$ be a fixpoint definition and $I$ a two-valued $\Sigma$-interpretation such that $\Sigma$ contains all symbols in $\mathcal{D}$. If $\mathcal{D}$ is an LFD, then $I$ satisfies $\mathcal{D}$, or $I$ is a model of $\mathcal{D}$, iff $I|_{def(\mathcal{D})} = lfp(\Gamma^{\mathcal{D}}_{I|_{open(\mathcal{D})}})$. If $\mathcal{D}$ is a GFD, then $I$ satisfies $\mathcal{D}$, or $I$ is a model of $\mathcal{D}$, iff $I|_{def(\mathcal{D})} = gfp(\Gamma^{\mathcal{D}}_{I|_{open(\mathcal{D})}})$. As usual, this is denoted $I \models \mathcal{D}$.

Example 2.4 (Continued 2.2)

Semantically, the fixpoint definition in Example 2.2 has the following meaning: the relationship $P$ is the result of iteratively computing a least (for $P$) and a greatest fixpoint (for $Q$). In the $n$-th iteration of the outer fixpoint, $P$ will contain a vertex iff it has a (finite) path that passes at least $n$ times through vertices with property $R$. At fixpoint, $P$ (and $Q$) will contain a vertex iff it has a path that infinitely often reaches a vertex with property $R$.

Definition 2.5 (Model of an FO(FD) theory)

Let $T$ be an FO(FD) theory over $\Sigma$ and $I$ a two-valued $\Sigma$-interpretation. Then $I$ is a model of $T$, denoted by $I \models T$, iff $I \models \varphi$ for every $\varphi \in T$.

Definition 2.6 (Equivalence)

A theory $T_1$ with vocabulary $\Sigma_1$ is equivalent to a theory $T_2$ with vocabulary $\Sigma_2$ iff each model $M_1$ of $T_1$ restricted to $\Sigma_2$ can be extended to a model $M_2$ of $T_2$ and vice versa.



2.3 PC(FD) 

In this section, we introduce PC(FD), the propositional fragment of FO(FD). We 
assume familiarity with propositional logic. 

A propositional vocabulary $\Sigma$ is a set of propositional atoms. A literal is an atom $p$ or its negation $\neg p$. An atom $p$ is called a positive literal, $\neg p$ a negative one. For a literal $l$, we identify $\neg\neg l$ with $l$.

A propositional fixpoint definition is a fixpoint definition such that all symbols 
occurring in it are propositional symbols. 
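Example 2.7

Consider the propositional fixpoint definition

$\mathcal{D} =$

$p \leftarrow q \lor r$

$q \leftarrow p$

$r \leftarrow p$

$s \leftarrow t \lor a$

$t \leftarrow s$

It is obvious that $a$ is the only open atom in this fixpoint definition. There are only two interpretations satisfying $\mathcal{D}$, namely, $I_1 = \{a \mapsto \mathbf{f}, p \mapsto \mathbf{f}, q \mapsto \mathbf{f}, r \mapsto \mathbf{f}, s \mapsto \mathbf{t}, t \mapsto \mathbf{t}\}$ and $I_2 = \{a \mapsto \mathbf{t}, p \mapsto \mathbf{f}, q \mapsto \mathbf{f}, r \mapsto \mathbf{f}, s \mapsto \mathbf{t}, t \mapsto \mathbf{t}\}$. The construction of $I_1$ is illustrated as follows: $I_1^1 = \{a \mapsto \mathbf{f}, p \mapsto \mathbf{f}, q \mapsto \mathbf{f}, r \mapsto \mathbf{t}, s \mapsto \mathbf{t}, t \mapsto \mathbf{t}\}$ and, because the body of the only rule for $r$ is false, $I_1^2 = \{a \mapsto \mathbf{f}, p \mapsto \mathbf{f}, q \mapsto \mathbf{f}, r \mapsto \mathbf{f}, s \mapsto \mathbf{t}, t \mapsto \mathbf{t}\}$, which is the limit of the iterations and thus, $I_1 = I_1^2$.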

A propositional fixpoint definition $\mathcal{D}$ is in definitional normal form (DefNF) if for any $p \in \Sigma$, the fixpoint definition contains at most one rule $p \leftarrow \varphi_p$, and either $\varphi_p = \bigvee B_p$ or $\varphi_p = \bigwedge B_p$, where $B_p$ is a set of literals called the body literals. Any propositional fixpoint definition can be transformed into DefNF in polynomial time using Tseitin transformation (Tseitin 1968). Hence without loss of generality, we can from now on assume that propositional fixpoint definitions are in DefNF.

A PC(FD) theory is a set of propositional formulas and propositional fixpoint 
definitions. An interpretation / satisfies a PC(FD) theory if it satisfies every formula 
and every definition of the theory. 



3 A comparison of FO(FD) and FO(ID) 

FO(ID) is an extension of first-order logic with a new construct, namely generalized inductive definitions, for representing definitions that occur often in mathematics, but in general cannot be expressed in first-order logic. It was originally introduced in (Denecker 2000), and further developed in (Denecker and Ternovska 2008). In this section, we compare FO(FD) to FO(ID) by providing transformations from generalized inductive definitions to alternating fixpoint definitions and showing that in general, the FO(FD) formalism is strictly more expressive than FO(ID).

Definition 3.1

Let $\Sigma$ be a vocabulary. A (generalized) inductive definition (GID) $D$ over $\Sigma$ is a finite set of rules over $\Sigma$. Its sets of defined symbols $def(D)$, respectively open symbols $open(D)$, are defined as usual.

We do not insist on defined predicates to occur positively in rule bodies in a generalized inductive definition, but allow non-monotone inductive definitions.

An FO(ID) formula is a Boolean combination of FO formulas and generalized inductive definitions. An FO(ID) theory is a set of generalized inductive definitions and FO sentences. A model of a generalized inductive definition is a two-valued well-founded model (Denecker and Ternovska 2008). The semantics of FO(ID) is an integration of standard two-valued FO semantics with the well-founded semantics of generalized inductive definitions.

Example 3.2

Consider the following non-monotone inductive definition of even and odd numbers over the structure of the natural numbers with zero and the successor function:

$\forall x\,(Even(x) \leftarrow x = 0 \lor \exists y\,(x = s(y) \land \neg Even(y)))$

$\forall x\,(Odd(x) \leftarrow \exists y\,(x = s(y) \land Even(y)))$

We begin our comparison of FO(FD) and FO(ID) by presenting equivalence preserving transformations from generalized inductive definitions to alternating fixpoint definitions. New symbols may be introduced to the original vocabulary $\Sigma$.

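Definition 3.3

Let $D$ be a generalized inductive definition. For each defined predicate $P$ of $D$, we introduce a new predicate symbol $P^{\neg}$ of the same arity as $P$. For each formula $\varphi$, let $\hat{\varphi}$ denote the formula obtained by substituting each negative occurrence $P(\bar{t})$ of a defined predicate $P$ in $\varphi$ by $\neg P^{\neg}(\bar{t})$. We define two sets of rules: $\mathcal{R}_D = \{\forall \bar{x}\,(P(\bar{x}) \leftarrow \hat{\varphi}_P[\bar{x}]) \mid P \in def(D)\}$ and $\mathcal{R}^{\neg}_D = \{\forall \bar{x}\,(P^{\neg}(\bar{x}) \leftarrow \widehat{\neg\varphi_P}[\bar{x}]) \mid P \in def(D)\}$. Now define $\Delta_D$ as $\lfloor \mathcal{R}_D, \lceil \mathcal{R}^{\neg}_D \rceil \rfloor$.

Let $D$ be a generalized inductive definition over $\Sigma$. Then $\Delta_D$ is a least fixpoint definition over $\Sigma' = \Sigma \cup \{P^{\neg} \mid P \in def(D)\}$. Note that $open(D) = open(\Delta_D)$.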

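Example 3.4 (Continued 3.2)

Translating the previous FO(ID) formula into FO(FD) leads to

$\forall x\,(Even(x) \leftarrow x = 0 \lor \exists y\,(x = s(y) \land Even^{\neg}(y)))$

$\forall x\,(Odd(x) \leftarrow \exists y\,(x = s(y) \land Even(y)))$

$\forall x\,(Even^{\neg}(x) \leftarrow x \neq 0 \land \forall y\,(x = s(y) \supset Even(y)))$

$\forall x\,(Odd^{\neg}(x) \leftarrow \forall y\,(x = s(y) \supset Even^{\neg}(y)))$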

Theorem 3.5

Let $D$ be a generalized inductive definition over $\Sigma$. Then there exists a one-to-one mapping between the $\Sigma$-models $I$ of $D$ and the $\Sigma'$-models $I'$ of $\Delta_D$ such that the domain of $I$ is the same as that of $I'$, $I'|_{\Sigma} = I$ and $(P^{\neg})^{I'}$ is the (relative) complement of $P^{I}$ for each $P \in def(D)$.

In the following we show that in general, FO(FD) and FO(ID) do not have the 
same expressive power. 



Theorem 4.4 in (Schlipf 1995), for the well-founded semantics, states that a relation is definable in the well-founded semantics iff it is inductively ($\Pi^1_1$) definable over the natural numbers. On the other hand, Theorem 10 in (Bradfield 1996) states that the FO(FD) alternation hierarchy, the hierarchy of alternating LFD and GFD expressions (ordered along the number of alternations) in any fixpoint definitions, is strict. A consequence is the following result.



Corollary 3.6

FO(ID) is strictly less expressive than FO(FD) on infinite structures.

4 Satisfiability of FO(FD)

The second part of this paper presents an approach to finite model expansion for FO(FD), the inference task consisting of, given a theory $T$, generating a model for the theory. As a declarative problem solving technique, model generation for FO(FD) allows representing, e.g., temporal properties in an application, increasing its general applicability to, among others, program verification.

Finite model expansion is equivalent to checking the satisfiability of a Boolean formula, the satisfiability problem, solved by SAT solvers. One approach to check the satisfiability of FO theories, taken by many state-of-the-art solvers, is by reducing the theory to propositional logic (a transformation called grounding) and using a SAT solver afterwards. Grounding generally consists of replacing all variables in a formula by all possible substitutions, but intelligent techniques exist that greatly reduce the size of such a grounding, see e.g. (Wittocx et al. 2008).

Satisfiability checking of FO(FD) theories can be done in a similar way. First the FO(FD) theory is grounded to a PC(FD) theory. Afterwards, the PC(FD) theory is reduced to difference logic (Nieuwenhuis and Oliveras 2005), propositional logic extended with linear constraints, and a difference logic solver is used to check the satisfiability of the resulting theory. In the domain of SMT, efficient difference logic solvers have been developed, see e.g. (Cotton and Maler 2006).

Difference logic, denoted PC(DL), is the extension of propositional logic with linear difference constraints of the form $x + c \leq y$, where $x$, $y$ and $c$ are integer variables, of which $c$ is known. Syntactically, a linear constraint can occur in the same positions as an atom. An interpretation of a difference logic theory assigns truth values to atoms and integer values to variables.

We first introduce the grounding of FO(FD) to a variable free form. Then, we 
address the reductions of PC(FD) to difference logic. 

Without loss of generality, we only consider theories in function free FO(FD) for 
the rest of the paper (any FO(FD) theory can be transformed into a function free 
theory in polynomial time). 



4.1 Grounding FO(FD) 

The reduction of an FO(FD) theory T to a PC(FD) theory is defined by: 



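Definition 4.1

Given an FO(FD) theory $T$ and a finite domain $\mathfrak{D}$, to allow grounding of quantified formulas, we introduce a new constant $c_d$ for each domain element $d \in \mathfrak{D}$, which maps to $d$ in every interpretation $I$. The grounding of $T$ according to domain $\mathfrak{D}$, denoted $G(T)$, consists of all $G(\varphi)$ where $\varphi \in T$ and $\varphi$ is either an FO sentence or a fixpoint definition, and $G(\varphi)$ is defined as:

$$
G(\varphi) =
\begin{cases}
\bigwedge_{d \in \mathfrak{D}} G(\psi[x/c_d]) & \text{if } \varphi = \forall x\, \psi \\
\bigvee_{d \in \mathfrak{D}} G(\psi[x/c_d]) & \text{if } \varphi = \exists x\, \psi \\
G(\psi_1) \land G(\psi_2) & \text{if } \varphi = \psi_1 \land \psi_2 \\
G(\psi_1) \lor G(\psi_2) & \text{if } \varphi = \psi_1 \lor \psi_2 \\
\neg G(\psi) & \text{if } \varphi = \neg \psi \\
p \leftarrow G(\psi) & \text{if } \varphi = p \leftarrow \psi \text{ and } p \text{ is an atom} \\
\varphi & \text{if } \varphi \text{ is an atom}
\end{cases}
$$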



Proposition 4.2

An interpretation $I$ is a model of an FO(FD) theory $T$ iff it is a model of $G(T)$.

4.2 Reduction to difference logic

The aim is to reduce a PC(FD) theory $G(T)$ to an equivalent theory $DL(T)$ in difference logic. The reduction of FO sentences to a PC(DL) theory coincides with their grounding, so for each FO sentence $\varphi \in T$, $DL(T)$ contains a sentence $G(\varphi)$. The reduction of fixpoint definitions consists of the completion and level mapping constraints.



4.2.1 Completion

The completion, introduced by (Clark 1978) for logical rules, expresses in FO the consistency between the truth value of the head and the body of a rule.

The completion of a propositional rule $r = p \leftarrow \varphi_p$, denoted $Comp(r)$, is given by the formula $p \equiv \varphi_p$. The completion of a propositional fixpoint definition $\mathcal{D}$, denoted by $Comp(\mathcal{D})$, is $\bigcup_{r \in \mathcal{D}} Comp(r)$.

An important property is that $I \models \mathcal{D}$ implies $I \models Comp(\mathcal{D})$. The converse is not true: $\mathcal{D}$ generally has fewer models than $Comp(\mathcal{D})$.

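Example 4.3

Consider the propositional fixpoint definition

$\mathcal{D} = \lfloor\, p \leftarrow p \lor a,\ \lceil\, q \leftarrow q \land p \,\rceil \,\rfloor$

Then $Comp(\mathcal{D}) = (p \equiv p \lor a) \land (q \equiv q \land p)$. $\mathcal{D}$ has two models: $\{a \mapsto \mathbf{f}, p \mapsto \mathbf{f}, q \mapsto \mathbf{f}\}$ and $\{a \mapsto \mathbf{t}, p \mapsto \mathbf{t}, q \mapsto \mathbf{t}\}$; $Comp(\mathcal{D})$ has the same two models, and the additional three models: $\{a \mapsto \mathbf{f}, p \mapsto \mathbf{t}, q \mapsto \mathbf{t}\}$, $\{a \mapsto \mathbf{f}, p \mapsto \mathbf{t}, q \mapsto \mathbf{f}\}$ and $\{a \mapsto \mathbf{t}, p \mapsto \mathbf{t}, q \mapsto \mathbf{f}\}$.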
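
The gap between the completion and the definition in Example 4.3 can be checked mechanically. The Python below is an added illustration, not code from the paper; it assumes that p is defined by a least fixpoint and q by a greatest fixpoint (the reading that yields the two models listed in the example), and all function names are chosen here.

```python
from itertools import product

ATOMS = ("a", "p", "q")  # a is open; p and q are defined

# head -> (fixpoint kind, rule body evaluated in an interpretation dict).
# Assumption of this example: p is least, q is greatest.
RULES = {
    "p": ("lfp", lambda i: i["p"] or i["a"]),   # p <- p v a
    "q": ("gfp", lambda i: i["q"] and i["p"]),  # q <- q ^ p
}
# The body of p does not mention q, so p can be solved before q.
EVAL_ORDER = ("p", "q")


def solve_fixpoint(head, interp):
    """Least or greatest fixpoint of one rule, all other atoms fixed by interp."""
    kind, body = RULES[head]
    value = kind == "gfp"  # lfp iterates up from false, gfp down from true
    while True:
        new = body({**interp, head: value})
        if new == value:
            return value
        value = new


def models_of_definition():
    """Models of D: each value of the open atom forces the defined atoms."""
    models = set()
    for a in (False, True):
        interp = {"a": a}
        for head in EVAL_ORDER:
            interp[head] = solve_fixpoint(head, interp)
        models.add(tuple(interp[x] for x in ATOMS))
    return models


def models_of_completion():
    """Models of Comp(D): every assignment in which each head equals its body."""
    models = set()
    for values in product((False, True), repeat=len(ATOMS)):
        interp = dict(zip(ATOMS, values))
        if all(interp[h] == body(interp) for h, (_, body) in RULES.items()):
            models.add(values)
    return models


def unjustified_atoms(model):
    """Defined atoms whose value in the model differs from their fixpoint value."""
    interp = dict(zip(ATOMS, model))
    return [h for h in EVAL_ORDER if solve_fixpoint(h, interp) != interp[h]]


if __name__ == "__main__":
    for m in sorted(models_of_completion() - models_of_definition()):
        print(dict(zip(ATOMS, m)), "unjustified:", unjustified_atoms(m))
```

Each of the three extra completion models contains a self-supporting true p or a false q that nothing refutes, which is what the level mapping constraints introduced next have to rule out.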

4.2.2 Level mappings

To obtain equivalence of $T$ and $DL(T)$, it is necessary to ensure that only interpretations consistent with the operator $\Gamma^{\mathcal{D}}_{I}$ are models of $DL(T)$. We take a level mapping approach to characterize the models of the fixpoint operator. This is an extension of the technique presented in (Janhunen et al. 2009; Niemela 2008), where stable model generation of logic programs is obtained by reduction to difference logic.

Definition 4.4 (level mapping)

Given a fixpoint definition $\mathcal{D}$, define a function $l_{\mathcal{D}} : def(\mathcal{D}) \to \mathbb{N}$, with $def(\mathcal{D})$ the set of all defined atoms in $\mathcal{D}$. Function $l_{\mathcal{D}}$ is then the level mapping function and $l_{\mathcal{D}}(p)$ is the level of defined atom $p$ for fixpoint definition $\mathcal{D}$.

A level mapping function $l_{\mathcal{D}}$ is introduced for each (nested) fixpoint definition $\mathcal{D}$ in $G(T)$. In ground form, for each fixpoint definition $\mathcal{D}$ and for each defined atom $p$ in $\mathcal{D}$, we introduce an integer variable, denoted $l^{\mathcal{D}}_p$.

The level mapping should ensure that the truth of a least fixpoint relation or the falsity of a greatest fixpoint relation can always be finitely justified in terms of locally defined atoms or open ones.

4.2.3 Level mapping constraints

We introduce PC(DL) formulas which, as part of $DL(T)$, act as constraints on the relation between the levels of different defined atoms within one fixpoint definition. Theory $DL(T)$ will be satisfiable iff such a finite justification exists.

As mentioned earlier, all rules are considered to be in DefNF. For a given rule $r$ in fixpoint definition $\mathcal{D}$, $h$ denotes the head and $body(r)$ is the set of all literals occurring in the body of $r$. The sets $BL_{def}(\mathcal{D}, r)$ and $BL_{open}(\mathcal{D}, r)$ denote the sets of defined, respectively open, body literals (BL):

$BL_{def}(\mathcal{D}, r) = \{d \mid d \in def(\mathcal{D}) \cup \neg def(\mathcal{D}) \text{ and } d \in body(r)\}$ (1)

$BL_{open}(\mathcal{D}, r) = \{o \mid o \in open(\mathcal{D}) \cup \neg open(\mathcal{D}) \text{ and } o \in body(r)\}$ (2)

We now introduce the constraints.

No justification is necessary for an atom defined in a GFD if it is true, nor for an atom defined in an LFD which is false. This is formally represented by the constraints:

if $\mathcal{D}$ is a GFD: $a \supset l^{\mathcal{D}}_a =$ (3)

if $\mathcal{D}$ is an LFD: $\neg a \supset l^{\mathcal{D}}_a =$ (4)

When an atom defined in a GFD is not true or an atom defined in an LFD is not false, a justification is necessary. A justification is a set of body literals of a rule sufficient to derive the head in a given interpretation. Although looping is allowed over literals defined in lower fixpoints, it has to be possible to construct a justification which does not loop over literals in the same level.

Deriving that the head of a rule with a disjunctive body in an LFD is true requires only one body atom to be true. If it were a rule with a conjunctive body, all body literals would be necessary as justification. This also holds for the relation between their levels: in the disjunctive rule, the minimal level of all true body literals can act as the level of the justification. In the conjunctive case, the level is the maximum level of all body literals.

These ideas can be generalized and formalized as constraints. For clarity, the constraints are not in PC(DL), but we introduce $\min\{\}$ and $\max\{\}$ notation to represent respectively the minimum and maximum of a set of levels. Assume an interpretation $I$ to further simplify the aggregate notation. All aggregates can be translated out easily, independent of $I$ (see further). Also assume a fixpoint definition $\mathcal{D}$ with a locally defined atom $h$ in a rule $r$.

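1. If $\mathcal{D}$ is an LFD and $r$ has a conjunctive body, the translation of $r$ is:

$h \supset l^{\mathcal{D}}_h > \max\{l^{\mathcal{D}}_d \mid d \in BL_{def}(\mathcal{D}, r) \text{ and } I(d) = \mathbf{t}\}$ (5)

2. If $\mathcal{D}$ is an LFD and $r$ has a disjunctive body, the translation of $r$ is:

$h \supset \left( l^{\mathcal{D}}_h > \min\{l^{\mathcal{D}}_d \mid d \in BL_{def}(\mathcal{D}, r) \text{ and } I(d) = \mathbf{t}\} \lor \bigvee_{d \in BL_{def}(\mathcal{D}, r)} d \lor \bigvee_{o \in BL_{open}(\mathcal{D}, r)} o \right)$ (6)

3. If $\mathcal{D}$ is a GFD and $r$ has a disjunctive body, the translation of $r$ is:

$\neg h \supset l^{\mathcal{D}}_h > \max\{l^{\mathcal{D}}_d \mid d \in BL_{def}(\mathcal{D}, r) \text{ and } I(d) = \mathbf{f}\}$ (7)

4. If $\mathcal{D}$ is a GFD and $r$ has a conjunctive body, the translation of $r$ is:

$\neg h \supset \left( l^{\mathcal{D}}_h > \min\{l^{\mathcal{D}}_d \mid d \in BL_{def}(\mathcal{D}, r) \text{ and } I(d) = \mathbf{f}\} \lor \bigvee_{d \in BL_{def}(\mathcal{D}, r)} \neg d \lor \bigvee_{o \in BL_{open}(\mathcal{D}, r)} \neg o \right)$ (8)

Similar constraints apply for the level of the head $h$ of rules defined in a subdefinition of $\mathcal{D}$, but the inequality $l^{\mathcal{D}}_h > \ldots$ is relaxed to $l^{\mathcal{D}}_h \geq \ldots$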

Proposition 4.5

The truth value of a higher defined atom can only be justified by finite looping over 
literals in the same definition or infinite looping over literals in lower definitions. 
This is expressed by using similar constraints for locally defined rules and for rules 
defined in subdefinitions, but dropping the strict order requirement on the second, 
effectively allowing infinite looping over literals defined in subdefinitions. 
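
A conjunction of difference constraints of the form x + c ≤ y can be decided by negative-cycle detection, which makes the effect of strict versus relaxed level orderings easy to see. The Python below is an added illustration, not the paper's implementation or any solver's API; the helper names and the sample constraint sets (levels for two atoms c and d that depend on each other, plus an atom a above them) are constructed here.

```python
def solve_difference_constraints(constraints):
    """Decide a conjunction of constraints (x, c, y), each meaning x + c <= y.

    Returns a satisfying assignment with natural-number values, or None.
    Bellman-Ford on the constraint graph: x + c <= y becomes an edge
    y -> x of weight -c, and the conjunction is satisfiable iff the graph
    has no negative cycle.
    """
    variables = sorted({v for x, _, y in constraints for v in (x, y)})
    edges = [(y, x, -c) for x, c, y in constraints]
    # Distance 0 everywhere models a virtual source connected to every node.
    dist = {v: 0 for v in variables}
    for _ in range(len(variables)):
        changed = False
        for u, v, w in edges:
            if dist[u] + w < dist[v]:
                dist[v] = dist[u] + w
                changed = True
        if not changed:
            # Shift so the smallest level is 0; differences are unaffected.
            low = min(dist.values(), default=0)
            return {v: d - low for v, d in dist.items()}
    return None  # still relaxing after |V| rounds: negative cycle


def strict(head, body_atom):
    """Level constraint l_head > l_body over integers: l_body + 1 <= l_head."""
    return (f"l_{body_atom}", 1, f"l_{head}")


def relaxed(head, body_atom):
    """Relaxed constraint l_head >= l_body: l_body + 0 <= l_head."""
    return (f"l_{body_atom}", 0, f"l_{head}")


# Constructed sample: c depends on d and d depends on c.
STRICT_LOOP = [strict("c", "d"), strict("d", "c")]
RELAXED_LOOP = [relaxed("c", "d"), relaxed("d", "c")]
# A strict step on top of the relaxed loop: a must sit above c.
MIXED = RELAXED_LOOP + [strict("a", "c")]

if __name__ == "__main__":
    print("strict loop :", solve_difference_constraints(STRICT_LOOP))
    print("relaxed loop:", solve_difference_constraints(RELAXED_LOOP))
    print("mixed       :", solve_difference_constraints(MIXED))
```

The strict loop has no solution because the two constraints form a negative cycle; relaxing both to non-strict lets the two atoms share a level.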

Example 4.6

In the following fixpoint definition, using only strict ordering would lead to a contradiction, although a model exists.

$a \leftarrow c$

$c \leftarrow d$

$d \leftarrow c$

Theorem 4.7

If an FO(FD) theory is transformed using the presented reduction to PC(DL) via 
PC(FD), the resulting PC(DL) theory will be satisfiable iff the FO(FD) theory is 
satisfiable. Any model of the PC(DL) theory can be transformed into a model of 
the FO(FD) theory. 



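4.2.4 Aggregate reduction

To obtain PC(DL) constraints, the aggregates min and max have to be transformed into difference constraints, which can be done in the following fashion:

Replace $l^{\mathcal{D}}_h > \max(\{l^{\mathcal{D}}_d \mid d \in BL_{def}(\mathcal{D}, r) \text{ and } I(d) = \mathbf{t}\})$ by $\bigwedge_{d \in BL_{def}(\mathcal{D}, r)} (l^{\mathcal{D}}_h > l^{\mathcal{D}}_d \lor \neg d)$

Replace $l^{\mathcal{D}}_h > \min(\{l^{\mathcal{D}}_d \mid d \in BL_{def}(\mathcal{D}, r) \text{ and } I(d) = \mathbf{t}\})$

For a condition $I(d) = \mathbf{f}$ instead of $I(d) = \mathbf{t}$, the literal $d$ is replaced with $\neg d$.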



4.2.5 Optimization: partial level mapping

Level mapping constraints are used to enforce dependencies between defined atoms. Often, a preprocessing step (before PC(DL) reduction) allows deducing that certain atoms will never depend on each other. In that case, fewer level mapping constraints are necessary. A simple example is non-cyclic dependencies, for which no level mapping constraints are necessary ($Comp(\mathcal{D}) \models \mathcal{D}$). These dependencies can be obtained by calculating the strongly connected components (Tarjan 1972) on the dependency graph of the fixpoint definition, a general technique used among others in stable model generation (Syrjanen and Niemela 2001).

The dependency graph consists of all edges $h \to b$, for each rule $r$ in $\mathcal{D}$ with head $h$ and for each body literal $b$ of $r$ that is defined in $\mathcal{D}$ or in a parent of $\mathcal{D}$. A strongly connected component of a directed graph is a maximal subset in which a path exists between any two nodes in the set.

Proposition 4.8

Only defined atoms that are in a strongly connected component with $|\text{nodes}| \geq 2$ or have recursion over themselves (e.g. $h \leftarrow h$) need a level mapping. Body atoms that are not in the same strongly connected component as the head can be treated as open instead of defined atoms.

To implement this idea, the set of open body literals $BL_{open}(\mathcal{D}, r)$ is redefined: for a rule $r$, a body literal of $r$ is considered open if it is not defined, defined in an ancestor of the definition of $r$ or if it is not in the same strongly connected component as the head of $r$. The set $BL_{def}(\mathcal{D}, r)$ contains all remaining body literals.
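
The preprocessing step described above, as an added Python illustration that is not the prototype's code: it builds the dependency graph of a single propositional definition, computes strongly connected components with Tarjan's algorithm, and reports which defined atoms need a level variable and which body atoms of a rule may be treated as open. The rule set (with open atoms a and b) and all function names are constructed for this example, and nesting of definitions is left out.

```python
# Constructed propositional rules: head -> body atoms (a and b are open).
# Only the dependencies matter here, so the body connective is a comment.
RULES = {
    "p": ["q", "a"],   # p <- q v a
    "q": ["p"],        # q <- p
    "r": ["p", "s"],   # r <- p ^ s
    "s": ["b"],        # s <- b
    "t": ["t", "r"],   # t <- t ^ r
}


def dependency_graph(rules):
    """Edge h -> b for every body atom b of h's rule that is itself defined."""
    return {h: [b for b in body if b in rules] for h, body in rules.items()}


def strongly_connected_components(graph):
    """Tarjan's algorithm; returns a dict mapping each node to its component."""
    index, low, stack, on_stack, component = {}, {}, [], set(), {}

    def visit(v):
        index[v] = low[v] = len(index)
        stack.append(v)
        on_stack.add(v)
        for w in graph[v]:
            if w not in index:
                visit(w)
                low[v] = min(low[v], low[w])
            elif w in on_stack:
                low[v] = min(low[v], index[w])
        if low[v] == index[v]:  # v is the root of a component
            members = set()
            while True:
                w = stack.pop()
                on_stack.discard(w)
                members.add(w)
                if w == v:
                    break
            for w in members:
                component[w] = frozenset(members)

    for v in graph:
        if v not in index:
            visit(v)
    return component


def atoms_needing_level(rules):
    """Defined atoms on a dependency cycle: a shared component or a self-loop."""
    graph = dependency_graph(rules)
    component = strongly_connected_components(graph)
    return {h for h in rules if len(component[h]) >= 2 or h in graph[h]}


def split_body(rules, head):
    """Body atoms of head's rule kept as defined vs. treated as open."""
    component = strongly_connected_components(dependency_graph(rules))
    defined = [b for b in rules[head] if b in rules and b in component[head]]
    as_open = [b for b in rules[head] if b not in defined]
    return defined, as_open


if __name__ == "__main__":
    print("need a level variable:", sorted(atoms_needing_level(RULES)))
    for head in RULES:
        print(head, "->", split_body(RULES, head))
```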

4.2.6 Optimization: stronger constraints

The presented constraints are weak: infinitely many models of the PC(DL) reduction exist that are equivalent (modulo shared vocabulary) to one model of the FO(FD) theory. Exact one-to-one mapping is not possible because expressions of the form $x = c$, where $c$ is a known integer constant, cannot be expressed in difference logic. By expressing all constraints in terms of one integer variable, which acts as a floating ground, we can greatly reduce the number of redundant models. The presented constraints can be adapted to obtain such stronger constraints by enforcing that the level of the head of a rule is the minimum allowed by its associated constraint, adapted from (Janhunen et al. 2009; Niemela 2008). For example, for a rule with a conjunctive body in a least fixpoint, which is subject to the constraint expressed by equation (5), a second constraint is added of the form:

$h \supset \bigvee (l^{\mathcal{D}}_h = l^{\mathcal{D}}_d + 1 \land d)$ (9)



5 Implementation and experiments 

In this section, we report our first experiments, on model checking of fairness conditions,
with a prototype implementation of the reductions from FO(FD) to difference
logic. We used the $\mu$-calculus fairness expression presented in (Liu et al. 1998):



$$\nu X.\mu Y.[-](\langle a \rangle X) \vee Y \qquad (10)$$

It expresses that a state in the transition system is fair if on all possible paths, an 
a-labeled edge is infinitely often taken. Translated into an FO(FD) theory: 

$$\forall x\, (P(x) \leftarrow Q(x))$$

$$\left[\ \forall x\, (Q(x) \leftarrow \forall y\, (Edge(x, y) \supset (L(y, a) \wedge P(y)) \vee Q(y)))\ \right]$$

where the relations P and Q contain states from which infinitely often a state 
labelled a will be reached. The predicate L is the labelling relation, expressing that 
a state has a certain label. The predicate Edge is the transition relation. 

The task consists of doing model expansion, where the transitions and labellings
are known, to decide which nodes are fair. Both weak and strong constraints were
tested. The experiments were done on the graph depicted in Figure 1. The results
of these experiments are shown in Table 1; grounding times are included. The
machine used is a dual-core 2.4 GHz with 4 Gb RAM, with Ubuntu 8.04 OS. Yices2
was used as difference logic solver.
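
The fairness theory above can also be evaluated by direct nested fixpoint iteration, which makes the model expansion task concrete. The Python below is an added example, not the paper's prototype and not its difference-logic reduction; it assumes P is the outer greatest fixpoint and Q the inner least fixpoint as in formula (10), reads the rule body as Edge(x, y) ⊃ ((L(y, a) ∧ P(y)) ∨ Q(y)), and runs on a constructed seven-state graph rather than the graph of Figure 1.

```python
# Constructed transition system (sample data, not the graph of Figure 1).
STATES = {"s0", "s1", "s2", "s3", "s4", "s5", "s6"}
EDGES = {("s0", "s1"), ("s1", "s0"),   # s0 <-> s1 cycles through an a-state
         ("s2", "s2"), ("s2", "s0"),   # s2 may loop forever without seeing a
         ("s3", "s2"), ("s4", "s0"),
         ("s5", "s2"), ("s6", "s5")}   # s6 sees a once (at s5), then may get stuck
LABELS = {"s1": {"a"}, "s5": {"a"}}    # L(y, a): the states labelled a


def fair_states(states, edges, labels, a="a"):
    """Return the interpretation of P (the fair states) by nested iteration."""
    succ = {s: set() for s in states}
    for x, y in edges:
        succ[x].add(y)

    def least_q(p):
        # Inner least fixpoint: grow Q from the empty set while P is held fixed.
        # Rule: Q(x) <- forall y (Edge(x, y) => (L(y, a) and P(y)) or Q(y)).
        q = set()
        while True:
            new_q = {x for x in states
                     if all((a in labels.get(y, ()) and y in p) or y in q
                            for y in succ[x])}
            if new_q == q:
                return q
            q = new_q

    # Outer greatest fixpoint: shrink P from the full state set.
    p = set(states)
    while True:
        new_p = least_q(p)             # rule: P(x) <- Q(x)
        if new_p == p:
            return p
        p = new_p


if __name__ == "__main__":
    print(sorted(fair_states(STATES, EDGES, LABELS)))
```

State s6 is accepted in the first outer round because its successor s5 is labelled a, and is dropped in the second round once s5 has left P; this pruning is what the outer greatest fixpoint contributes.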

From these preliminary results, we conclude that fairness conditions can be evaluated
efficiently using our reduction to difference logic. Strong constraints are significantly
faster due to their fewer degrees of freedom, which presumably allow more
propagation and pruning of the search space. In (Keinanen and Niemela 2004)
similar results were obtained with the same experiment.

Fig. 1. A transition graph



| nodes | weak (sec) | strong (sec) |
|-------|------------|--------------|
|       | 0.011      | 0.004        |
|       | 0.21       | 0.09         |
|       | 20.51      | 14.19        |

Table 1. Model checking results

6 Applications 

Many applications of fixpoint expressions can be found. Most of them focus
on inductive and coinductive definitions (which have nesting depth 1), used e.g.
for expressing transitive closure (reachability), bisimulation and situation calculus.
One important application domain for nested fixpoint definitions is the verification
of automata. Temporal logics like CTL* allow expressing time-variant properties
of automata, e.g. fairness. The $\mu$-calculus, a superset logic of those temporal logics
bound on fixpoint expressions, can be transformed into fixpoint definitions. So any
application of model checking or model generation of temporal logics can be expressed
in FO(FD). Another application domain is so-called parity games, which
are infinite games played on a graph with priority-annotated nodes. For more
information we refer to (Friedmann and Lange 2009). Parity games can be expressed
in fixpoint logic, the nesting increasing polynomially with the number of priorities.



7 Conclusions and related work 

In this paper, we have introduced fixpoint definitions, an alternative rule-based
expression of fixpoint constructs, and the logic FO(FD), which is an extension of
classical logic with fixpoint definitions. We have compared FO(FD) and FO(ID) by
providing equivalence preserving transformations of non-monotone inductive definitions
to alternating fixpoint definitions and showed that FO(FD) is strictly more
expressive than FO(ID) on infinite structures. We have investigated the satisfiability
problem for FO(FD) by developing reductions from FO(FD) to difference
logic. Hence, SMT solvers supporting difference logic can be used for computing fixpoint
models of FO(FD) theories without any modifications. We have implemented
these reductions and evaluated the resulting solver in the computation of models of
FO(FD) theories. In general, our transformation to difference logic is exponential in
the nesting depth of a fixpoint definition, but for most practical applications it
proves compact and efficient.

$\mu$MALL$^=$, which is the logic obtained by extending MALL (multiplicative,
additive linear logic) with equality, quantification (via $\forall$ and $\exists$) and mixed least and
greatest fixpoint constructors, was introduced in (Baelde and Miller 2007). It seems
that $\mu$MALL$^=$ has the same expressive power as FO(FD). However, $\mu$MALL$^=$ is
developed from a proof theory standpoint whereas FO(FD) is developed from a
model theory point of view.



Gupta et al. in (Gupta et al. 2007) introduced coinduction, corresponding to
the greatest fixpoint constructor, into logic programming to obtain coinductive
logic programming. Discussed applications are verification, model checking,
non-monotonic reasoning, etc. However, in coinductive logic programming, naively mixing
coinduction and induction leads to contradictions while arbitrary cyclical nesting
of least and greatest fixpoint constructs is allowed in FO(FD). Another difference
is on the computational level. The main computational task for FO(FD)
is model generation in the context of a finite domain. However, model generation
in coinductive logic programming is applied to constructs of an infinite Herbrand
model based on an infinite Herbrand universe.



Niemela, Janhunen et al. in (Janhunen et al. 2009; Niemela 2008) introduced
stable model generation of general logic programs via reductions to difference logic.
They also used stable model generation to find solutions to Boolean equation systems
(Keinanen and Niemela 2004). This is a related fixpoint formalism, in which
among others $\mu$-calculus can be expressed.

There are several other solvers for solving the satisfiability and validity problems
for fixpoint logics, e.g., (Friedmann and Lange 2009). Our reduction is based on
SMT solver technology, whereas referenced works are based on characterizations of
satisfiability through infinite (cyclic) tableaux. Well-foundedness for unfoldings of
least fixpoints is then checked using deterministic parity automata.